UAG DA management error DoSP cannot be enabled

    Question

  • I have completed the TLG for UAG/Direct Access and have tried to implement UAG/DA in my production environment.  I am getting an application event log error 10105 from UAG DA Management “DoSP cannot be enabled.  The 6to4 network interface cannot be found.”  I also get a 20023 from DnsAlgSrv “A Socket listener failed to start.  The UAG DNS64 service starts but cannot accept traffic.  Will retry to start the socket listeners [x] more times every [30] seconds.”

     

    I used the TLG document as a guide for installation in my environment.  There are a few differences that I can think of.

    1. Our internal domain/DNS space does NOT match our external DNS/domain.
    2. I used a public cert for the IPHTTPS listener.
       a. That cert is a wildcard cert.

     

    The webmonitor shows DNS64, Network Security, 6to4 Router, Teredo Server and Teredo Relay as “Not Healthy”

     

     

    The UAG server is not in an array, and the public NIC has consecutive public IPs.  I have removed the 6to4 adapter (only 1 available even showing hidden), rebooted and reactivated.  I have also tried using netsh to enable the 6to4 adapter.  I do NOT receive any error message when clicking the “Apply Policy” or “Activate” button.

     

    Google/Bing can’t seem to find the answer for me.  Does anyone have a suggestion?

     

    May 24, 2011 21:12

Answer

  • After engaging MS tech support, we quickly discovered that I had a duplicate IP problem.  Essentially the person who gave me the public IPs to use gave me IPs that were already in use.  I obtained addresses that weren't in use and it worked just like it is supposed to.

    ipconfig /all would have told me that....  I won't be trusting the individual who gave me the bad IPs for a while as he cost me over a week.

    • Marked as answer by PMCWayne, June 6, 2011 13:19
    June 6, 2011 13:19
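
The answer above points at ipconfig /all, which tags an address that failed conflict detection with (Duplicate). An added example, not part of the original thread: a PowerShell function (hypothetical name Find-DuplicateAddress) that scans English-language ipconfig /all output for that tag; the sample output and its 203.0.113.x addresses are constructed.

```powershell
# Added example: report addresses that Windows marked (Duplicate) after
# address-conflict detection. Assumes English-language ipconfig output.
function Find-DuplicateAddress {
    param([string[]]$IpconfigLines)

    $adapter = '(unknown)'
    foreach ($line in $IpconfigLines) {
        # Section header, e.g. "Ethernet adapter WAN:"
        if ($line -cmatch '^\S.*? adapter (.+):\s*$') {
            $adapter = $Matches[1]
            continue
        }
        # Address line whose value ends in "(Duplicate)"
        if ($line -match 'Address[\s.]*:\s*(\S+)\(Duplicate\)') {
            New-Object PSObject -Property @{
                Adapter = $adapter
                Address = $Matches[1]
            }
        }
    }
}

# Constructed sample (documentation address range), not from the thread.
$sample = @'
Ethernet adapter WAN:

   Description . . . . . . . . . . . : Constructed sample NIC
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 203.0.113.10(Duplicate)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 203.0.113.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0

Ethernet adapter LAN:

   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
'@ -split '\r?\n'

# Lists only WAN / 203.0.113.10 for the sample above.
Find-DuplicateAddress $sample | Format-Table Adapter, Address -AutoSize

# On the server itself:
#   Find-DuplicateAddress (ipconfig /all)
```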

All replies

  • Have a look through the advice I provided here: http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/a6344fd7-a030-44b9-8994-aeacb8466b77/ and report back your respective results...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    May 24, 2011 23:35
    Moderator
  • Before doing anything a netsh int ipv6 show int displayed the following

    Connected                   Loopback Pseudo-Interface 1
    Disconnected                6TO4 Adapater
    Connected                   LAN
    Disconnected                Local Area Connection* 11
    Connected                   isatap.{FAB89CBB-7F89-4C3E-939C-E467169292D3}
    Disconnected                isatap.{7007CC72-6F2B-4E6F-A630-40A1E804F3D8}
    Connected                   IPHTTPSInterface
    Connected                   WAN
    Disconnected                isatap.{78AD70A0-41CD-4C50-A3CC-F9F26C7C6172}

     

    I then ran the following commands (in this order)

     

    Netsh ipsecdos reset

    netsh ipsecdos add interface "Loopback Pseudo-Interface 1" public
    netsh ipsecdos add interface "6TO4 Adapter" public
    netsh ipsecdos add interface LAN internal
    netsh ipsecdos add interface "Local Area Connection* 11" public
    netsh ipsecdos add interface isatap.{FAB89CBB-7F89-4C3E-9E9C-E467169292D3} internal
    netsh ipsecdos add interface isatap.{7007CC72-6F2B-4E6F-A630-40A1E804F3D8} internal
    netsh ipsecdos add interface IPHTTPSInterface public
    netsh ipsecdos add interface WAN public
    netsh ipsecdos add interface isatap.{78AD70A0-41CD-4C50-A3CC-F9F26C7C6172} internal

     

     

    The netsh int ipv6 show int displayed the exact same results as before.  Additionally the UAG Web monitor continued to show DNS64, Network Security, 6to4 Router, Teredo Server and Teredo Relay as “Not Healthy”

     

    I rebooted the server and am still getting the same application events as in my original post; however, the UAG web monitor now shows DNS64 as Healthy, while the others remain “Not Healthy”.

     

    I then did the reset and add interfaces over again this time changing only the loopback-pseudo-interface 1 to internal.  Exact same result as the first time.

     

    I then viewed the server I built in the lab using the TLG document and noticed that the “Corpnet” interface was not listed in the internal or public interfaces when I ran a netsh ipsecdosprotection sho int command.  I reran the reset and added all the interfaces back in except the LAN one.  Rebooted and found the same results, same error messages. 

     

    What else can I try?

    May 25, 2011 19:36
  • Anyone?
    May 31, 2011 13:54
  • Ah, always what you don't expect!

    Thanks for the update...


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    June 6, 2011 13:50
    Moderator